WordPress CVE-2017-8295 WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) Patch
--- pluggable.php 2017-05-04 09:37:27.000000000 +0200
+++ pluggable_patched.php 2017-05-04 09:40:39.000000000 +0200
@@ -323,10 +323,7 @@
if ( !isset( $from_email ) ) {
// Get the site domain and get rid of www.
- $sitename = strtolower( $_SERVER['SERVER_NAME'] );
- if ( substr( $sitename, 0, 4 ) == 'www.' ) {
- $sitename = substr( $sitename, 4 );
- }
+ $sitename = str_ireplace('www.', '', parse_url(get_bloginfo( 'url', 'display' ), PHP_URL_HOST));
$from_email = 'wordpress@' . $sitename;
}
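Review bot: On the added `$sitename = str_ireplace('www.', '', ...)` line, `str_ireplace` removes every occurrence of `www.` anywhere in the host, whereas the removed code only stripped a leading `www.` via `substr( $sitename, 0, 4 ) == 'www.'`. A host such as `awww.example.com` would become `aexample.com`, so the From address could end up on a domain that is not the site's. Suggest parsing the host from the configured URL first and then applying the original prefix check to it. The new line also drops the `strtolower()` call, and it does not handle `parse_url()` returning null or false when the URL has no host, which would leave `$from_email` as `wordpress@` with an empty domain; an explicit check with a fallback would cover that case.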